Contextualization of Linux VMs

From CipherSpace Client Wiki
Revision as of 13:26, 24 April 2017 by Stoyan (talk | contribs) (→‎Custom Vars)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


OpenNebula uses a method called contextualization to send information to the VM at boot time. Information is collected in the Template and is essential to configure the VM.

The VM template has a section called "Context" where you can automate different configuration aspects.

The Context section has 3 parts:

Configuration

Template-Configuration.png

This is the most basic context configuration provided by OpenNebula, where you can:

  • Enable Network contextualization. The VM will be configured with the information added in the network section or in Custom Var section of the template.
  • Enable SSH contextualization. Ssh service will be enabled.
  • Add SSH public keys. Keys will be added to USERNAME authorized_keys file (See custom section) or to root in case USERNAME is not set.
  • START_SCRIPT - Script which is executed when the machine starts up. It can contain either shell script or Shebang. For example START_SCRIPT="yum upgrade".

Files

Template-Files.png

In this section you can include files in your vm. Files can be added in OpenNebula in "Files" section in the left menu under "Images".

You can select files from the list and they will be automatically added in FILES_DS attribute.

If the file is a script you want to run at boot you can add it INIT_SCRIPTS attribute.

Custom Vars

Template-CustomVars.png

In this section you can setup a more advanced contextualization, the attributes available are:

  • VARIABLE - Variables that store values related to this virtual machine or others . The name of the variable is arbitrary (in the example, we use hostname).
  • SET_HOSTNAME - This parameter value will be the hostname of the VM.
  • DNS_HOSTNAME - YES to set the VM hostname to the reverse dns name (from the first IP)
  • GATEWAY_IFACE - This variable can be set to the interface number you want to configure the gateway. It is useful when several networks have GATEWAY parameter and you want yo choose the one that configures it. For example to set the first interface to configure the gateway you use GATEWAY_IFACE=0
  • DNS - Specific DNS server for the Virtual Machine
  • USERNAME - User to be created in the guest OS. If any password attribute is defined (see below) it will change this user (defaults to root). Please note: SSH daemon on the host is configured to deny access to user root and it does not support password authentication. If you specify USERNAME such account will be created and any SSH keys you may have configured will be allowed to login as that user. If you use any of the context variables below then password will be set for the user too. If username is not root you will be able to SSH in using SSH key and you will be able to login on the VNC console but you will not be able escalate your privileges to root. If username is root or you do not use USERNAME then you will be able to login on the VNC console but you will not be able to SSH in. Contextualization script always creates an user cloudUser which is allowed to login SSH using the keys you have configured in the template. Also cloudUser is allowed to elevate its privileges via sudo without password. the following command will make you root without password:
    sudo -s
  • CRYPTED_PASSWORD_BASE64 - Crypted password encoded in base64. You can use the following command:
    openssl passwd -1 | base64
  • CRYPTED_PASSWORD - Crypted password. This parameter is not recommended, use CRYPTED_PASSWORD_BASE64 instead. You can use the following command:
    openssl passwd -1
  • PASSWORD_BASE64 - Clear text password encoded in base64. This parameter is not recommended, use CRYPTED_PASSWORD_BASE64 instead. Example command:
    echo "Password" | base64
  • PASSWORD - Clear text password to be set for the user USERNAME. This parameter is not recommended, use CRYPTED_PASSWORD_BASE64 instead.

The following attributes are automatically filled up configuring the Network section of the template:

  • ETHx_MAC - Used to find the correct interface
  • ETHx_IP - IPv4 address for the interface
  • ETHx_IPV6 - IPv6 address for the interface
  • ETHx_NETWORK - Network address of the interface
  • ETHx_MASK - Network mask
  • ETHx_GATEWAY - Default IPv4 gateway for the interface
  • ETHx_GATEWAY6 - Default IPv6 gateway for the interface
  • ETHx_MTU - MTU value for the interface
  • ETHx_DNS - DNS for the network

These last attributes are also automatically filled up adding SSH public keys in the Context Configuration Section of the template:

  • SSH_PUBLIC_KEY - Key to be added to USERNAME authorized_keys file or root in case USERNAME is not set.
  • EC2_PUBLIC_KEY - Same as SSH_PUBLIC_KEY